Zen Cart 'extras/curltest.php' Information Disclosure Vulnerability Network Vulnerability

Summary

Zen Cart is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to view local files in the context of the webserver process. This may allow the attacker to obtain sensitive information other attacks are also possible.

References

http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
http://www.securityfocus.com/bid/37283
http://www.zen-cart.com/
http://www.zen-cart.com/forum/showthread.php?t=142784

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4321
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

123 Flash Chat Multiple Security Vulnerabilities
Apache Rave User Information Disclosure Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities